Thanks, I've updated the notes here to indicate that both issues were fixed for the next releases (6.2.2 and 7.1.7 respectively) so new releases since that blog post would not be affected by this issue. We would never release a new version with known security issues in it.
For proxy.htm it is important that you do check if the content is the same as in the github commit that's mentioned in the blog post, if an upgrade did not replace this file you might still be vulnerable. The booting.aspx issue was fixed in a dll so that should be up-to-date already else you would be seeing errors all over the place.
Security issue question
Does anyone know if the issues raised in this post from 2014 are still relevant for Umbraco 7?
https://umbraco.com/blog/security-issues-found-in-umbraco-4-6-and-7/
If there are any core team reading this, would you be able to update it to clarify whether any action is required for the newer versions of Umbraco.
Thanks in advance, H5YR!
Thanks, I've updated the notes here to indicate that both issues were fixed for the next releases (6.2.2 and 7.1.7 respectively) so new releases since that blog post would not be affected by this issue. We would never release a new version with known security issues in it.
For proxy.htm it is important that you do check if the content is the same as in the github commit that's mentioned in the blog post, if an upgrade did not replace this file you might still be vulnerable. The booting.aspx issue was fixed in a dll so that should be up-to-date already else you would be seeing errors all over the place.
Brilliant, thanks a lot for the update Seb.
is working on a reply...